Carnegie Mellon University Website Home Page

Focusing on Policy and Protection during 2014 National Cybersecurity Awareness Month (NCSAM)

Security 101: Information Security @ CMU

The 2014 - Security 101 training course was developed by Carnegie Mellon's Information Security Office to raise awareness about Carnegie Mellon's information security policies and guidelines, data classification, roles and responsibilities, information security risks, and techniques for safeguarding institutional data and information systems.  All Faculty, Staff and Graduate Students are pre-enrolled.

You can access the content through Blackboard course delivery platform, and by taking the following steps:

  1. Visit Blackboard access page at
  2. Under Carnegie Mellon at the top left corner, click on "LOGIN" link, which will direct you to Web Login authentication page

    Blackboard Login

  3. Enter your Andrew user ID and password to access Blackboard
  4. Once you access Blackboard, look for 2014 - Security 101 under "My Courses".  You may find a letter (A-E) at the end of the course title to identify your course section (e.g. 2014 - Security 101 (A)).

    Blackboard My Courses

  5. Click on the course link to begin reviewing the course.

The course "2014 - Security 101" contains four training modules:

  • Policies
  • Safeguarding Institutional Data
  • Security Risks
  • Security Breach and Notification

This course is designed to be completed at your own pace and convenience. The entire course will take approximately an hour to complete.

If you have any questions about using Blackboard or the 2014 - Security 101 training, please email or call 412-268-4357 (HELP).

Back to Top

Security 101 Completion Challenge

Security 101 is designed for Faculty, Staff, and Graduate Students.  But only 3% of those users have completed the course.  Please take an hour out of your busy day to complete the course.  Any ALG representatives can e-mail the iso to get completion rates for your specific department.

5.5% (updated October 16, 2014)

Can we reach a 50% completion rate or higher before the end of October?

Back to Top

EDUCAUSE Video Contest

EDUCAUSE, a nonprofit association whose mission is to advance higher education by promoting the intelligent use of information technology, recently released the 2013 Information Security Awareness video and poster contest winners on YouTube.  View the winning contest videos from 2006 - 2013 at

Maybe you would like to submit a video or poster for the 2015 contest?

Back to Top

EDUCAUSE Webinar "CIO Insights on Cybersecurity"

EDUCAUSE Live! is a series of free, hour-long interactive webinars on critical information technology topics in higher education. In observance of National Cybersecurity Awareness Month, EDUCAUSE is offering a free Webinar on October 14th, 2014 by Michele Norin (CIO, The University of Arizona), Peter J. Murray (CIO/VP, University of Maryland, Baltimore), and Melissa Woo (CIO/Vice Provost for Information Services, University of Oregon). Registration is open to all university faculty, staff and students.

More information is available at EDUCAUSE Live! Webinar.  If you missed it, the archive will be available in the EDUCAUSE Live! Archives.

Back to Top

Recent Security Vulnerabilities and Breaches

October 21, 2014

Dear Staff, Faculty, and PhD Students,

Several recent high profile vulnerabilities and security breaches serve as reminders of the importance of reporting concerns, staying up to date with security patches, remaining vigilant to scams, and other good security practices, both on campus and at home.   

1.       Follow basic security best practices such as keeping software patched, selecting strong passwords/passphrases, physically securing your computers and mobile devices, and thinking twice before you click.  Internet-wide vulnerabilities with threatening names like Heartbleed, Shellshock, and this week’s POODLE (not so threatening) may seem overwhelming at first but they are easily mitigated by following tried and true guidance like timely patching and upgrades, avoiding vulnerable or suspicious sites, and reporting concerns as quickly as possible. You can read more information about what you can do at 

2.       Please contact the Information Security Office (ISO) if you are ever notified of a data breach by a third party, especially if you use that third party to store or process private or restricted CMU data.  Just this week, Dropbox denied a security breach of 7 million account passwords claiming that the usernames and passwords were stolen from other services and/or were previously changed after Dropbox detected suspicious login attempts.  If you receive a breach notice or request to reset your password from a third party and you used your AndrewID and/or password to create the third party account, change your Andrew password immediately and contact the ISO at x8-2044.  Never reuse your AndrewID or password.  Use CMU-provided services for university work.

3.      Stay alert for email scams and monitor your banking and credit card accounts especially in the wake of recent data breaches like Home Depot (56 million cards breached) and JPMorgan Chase (76 million households affected).

4.      Stay informed.   In the first 10 months of 2014 over 1 million records were breached from 19 colleges or universities.  Take the ISO’s Security 101 on-line training course hosted at to learn about university policies, procedures, and practices that protect Carnegie Mellon’s institutional data and information systems.

It’s a privilege partnering with you to keep the university’s data and systems secure.


Mary Ann Blair
Director of Information Security
Information Security Office
Computing Services
Carnegie Mellon University
ISO Hotline: 412-268-2044

Back to Top